Advanced use of pages.uoregon.edu

Overview (or Introduction)

The pages.uoregon.edu web server system provides a limited set of advanced capabilities for web development, including use of CGI programs for forms processing and dynamic page generation. Pages are one of several ways to host websites. See the Websites Service Catalog category for a list of options.

Information

Understanding the pages.uoregon.edu server system

pages.uoregon.edu is designed to support basic web publishing needs with security, reliability, and performance. This means that some advanced capabilities are restricted or not supported, and may be provided in ways that are different from other web hosting frameworks you are familiar with.

Content from pages.uoregon.edu is served from multiple web server systems. This improves performance and reliability. If one server is down because of a software problem or for maintenance, the other servers can continue to serve content.

These servers are also distinct from the shell.uoregon.edu system, although you can use shell.uoregon.edu to edit content in your pages. If you want to create CGI programs the same languages are available on shell.uoregon.edu for development and debugging purposes.

Some limitations may make it difficult to create complex web applications on pages.uoregon.edu. You may want to consider these options:

  • UO Blogs: a hosted blog service available to the University community.
  • UOCloud Virtual Machine: Obtain a virtual machine instance to allow maximum flexibility in web server and software configuration.  Note, however, that you will have to manage the virtual machine and its software yourself, and there may be a fee for this service.

Using CGI

CGI (Common Gateway Interface) is a protocol that allows web page access to run programs on the web server system. CGI is commonly used for processing HTML form data, generating page content dynamically, and for other sophisticated applications. Using CGI involves writing programs in common scripting languages like Perl or Python.  Their input is provided from the web server, and their output is sent to a user's browser.

You may use CGI programs on pages.uoregon.edu, with some considerations. The most significant is that CGI programs are run using the Apache suEXEC mechanism.  This means that CGI programs are run using the user ID and privileges of your own account to be able to update files (such as a guest book), but it also means that bugs in your CGI programs could allow someone to access or modify any file in your account (which may include things like your personal email). Be careful!

suEXEC imposes a number of security restrictions that must be met before it will run CGI programs. These include:

  • The program file must be owned by your own account.
  • The program file must be executable ("mode 755" in UNIX jargon).
  • The program file must not be writable by anyone other than you.
  • The program file must reside in a directory that is not writable by anyone other than you.

A complete list of security checks and restrictions is provided in the Apache suEXEC reference.

Program files that you use for CGI should also be uploaded with "UNIX-style" line terminators (lines end with only the ASCII LF character) rather than Windows-style line terminators (CR-LF). The extra CR characters may prevent your program from running properly in our web server environment.

In general, a CGI program will need to be written in one of the available scripting languages (Perl, Python, Ruby, PHP, or even shell scripting), start with an interpreter line indicating which language is being used (i.e."#!/usr/local/bin/perl"), and must at minimum output a Content-Type header ("Content-Type: text/html") preceding its other output.

Using PHP

PHP is a popular language for creating dynamic web pages. Limited use of PHP is supported on pages.uoregon.edu, but in a way somewhat different than most other providers use.

The most important consideration for using PHP is that it works like any other CGI program interpreter, rather than being interpreted directly within the web server via an Apache server module. This means that PHP files are subject to the same security considerations and requirements described above for CGI programs. It also means that a PHP file must start with an interpreter line like this:

#!/usr/local/bin/php

If a PHP file does not start with this line, our web server will not know to treat it as PHP.

While most PHP capabilities and a number of common add-on modules are available, some have been disabled for security reasons. In particular the ability to have PHP files automatically include other content retrieved from the web is not available ("allow_url_fopen = Off", "allow_url_include = Off").

Server-side includes

Server-side includes are a simple way to generate certain types of dynamic content in pages.  If you want an HTML file to be parsed for server-side includes, it must have a name ending in ".shtml".

Using .htaccess

The Apache web server provides a method for per-directory custom configuration using directives in a .htaccess file.  A subset of possible .htaccess directives is supported on pages.uoregon.edu. The specific categories of directives that are permitted are:

  • Indexes: directives that modify the appearance of directory indexes
  • AuthConfig: directives to control page authentication or authorization (password-protected web pages)
  • FileInfo: directives to manage redirection, rewriting, custom content types, and document metadata
  • Limit: directives to limit web page access from certain domains or IP address ranges

A more detailed listing of directives allowed in these categories is in the Apache documentation for the AllowOverride configuration option.

Simple CGI example

Place the content below in a file named "test.cgi" in your "public_html" directory, and make sure it is executable (the UNIX shell command "chmod 755 ~/public_html/test.cgi" will do this). You should then be able to access https://pages.uoregon.edu/(your DuckID)/test.cgi and see output showing you information about the web server environment.

#!/bin/sh

# disable filename globbing
set -f

echo Content-type: text/plain
echo

echo CGI/1.0 test script report:
echo

hostname
echo argc is $#. argv is "$*".
id
echo umask=`umask`
echo

printenv

Simple PHP example

Place the content below in a file named "info.php" in your "public_html" directory and make sure it is executable (the UNIX shell command "chmod 755 ~/public_html/info.php" will do this). You should then be able to access the URL https://pages.uoregon.edu/(your DuckID)/info.php and see detailed information about our PHP installation and its supported capabilites.

#!/usr/local/bin/php
<html><head><title>PHP Info</title></head>
<body>
<?php phpinfo(); ?>
</body></html>

Details

Article ID: 43069
Created
Wed 11/22/17 2:59 PM
Modified
Sun 5/14/23 7:03 PM

Related Articles (1)

Web hosting on pages.uoregon.edu
Faculty, staff, and students have their own personal web space at pages.uoregon.edu/<DuckID>. This space is for web pages, graphics, and document storage.